AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 Description: > Purple service app for multi-bus, multi-account-pattern # More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst Globals: Function: Timeout: 3 Handler: app.lambda_handler Runtime: python3.9 Tags: pattern: multi-bus-multi-account-pattern Parameters: EventBusName: Description: Name of the purple service app event bus Type: String Default: purple-service-event-bus-multi-bus BlueServiceAccountNo: Description: Account Id Blue service event bus to add rules Type: String OrangeServiceAccountNo: Description: Account Id Orange service event bus to add rules Type: String Resources: # Event bus for purple service. PurpleServiceEventBus: Type: AWS::Events::EventBus Properties: Name: !Ref EventBusName # Resource policy for Purple service event bus PurpleServicePublishStatement: Type: AWS::Events::EventBusPolicy Properties: EventBusName: !Ref PurpleServiceEventBus StatementId: "PurpleServicePublish" Statement: Effect: "Allow" Principal: AWS: - !Sub arn:aws:iam::${AWS::AccountId}:root Action: "events:PutEvents" Resource: !GetAtt PurpleServiceEventBus.Arn Condition: StringEquals: "events:source": ["com.exampleCorp.PurpleService"] PurpleEventBusRuleCreationStatement: Type: AWS::Events::EventBusPolicy Properties: EventBusName: !Ref PurpleServiceEventBus StatementId: "AllServiceRuleCreation" Statement: Effect: "Allow" Principal: AWS: - !Sub arn:aws:iam::${BlueServiceAccountNo}:root - !Sub arn:aws:iam::${OrangeServiceAccountNo}:root Action: - "events:PutRule" - "events:DeleteRule" - "events:DescribeRule" - "events:DisableRule" - "events:EnableRule" - "events:PutTargets" - "events:RemoveTargets" Resource: - !Sub arn:aws:events:${AWS::Region}:${AWS::AccountId}:rule/${PurpleServiceEventBus.Name}/* Condition: StringEqualsIfExists: "events:creatorAccount": "${aws:PrincipalAccount}" "events:source": "com.exampleCorp.PurpleService" PurpleServicePublisherE2: Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction Properties: CodeUri: purple_p_e2/ Policies: - Version: '2012-10-17' Statement: - Effect: Allow Action: - events:PutEvents Resource: "*" Environment: Variables: EVENT_BUS_ARN: !Ref PurpleServiceEventBus PurpleServiceSubscriberE1: Type: AWS::Serverless::Function Properties: CodeUri: purple_s_e1/ Events: PurpleE1Rule: Type: EventBridgeRule Properties: EventBusName: !Ref PurpleServiceEventBus Pattern: source: - com.exampleCorp.BlueService detail-type: - Event1 PurpleServiceSubscriberE3: Type: AWS::Serverless::Function Properties: CodeUri: purple_s_e3/ Events: PurpleE3Rule: Type: EventBridgeRule Properties: EventBusName: !Ref PurpleServiceEventBus Pattern: source: - com.exampleCorp.OrangeService detail-type: - Event3 # Purple service event bus targe DLQ PurpleServiceEventBusDlq: Type: AWS::SQS::Queue Outputs: PurpleServiceEventBusArn: Description: The ARN of the Purple event bus Value: !GetAtt PurpleServiceEventBus.Arn PurpleServicePublisherE2: Description: Lambda function name for purple service publishing event 2 Value: !Ref PurpleServicePublisherE2 PurpleServiceSubscriberE1: Description: Lambda function name for purple service subscriber to event 1 Value: !Ref PurpleServiceSubscriberE1 PurpleServiceSubscriberE3: Description: Lambda function name for purple service subscriber to event 3 Value: !Ref PurpleServiceSubscriberE3 PurpleServiceEventBusDlqUrl: Description: URL of the SQS Queue for rules DeadLetterConfig Value: !Ref PurpleServiceEventBusDlq PurpleServiceEventBusDlqArn: Description: ARN of the SQS Queue for rules DeadLetterConfig Value: !GetAtt PurpleServiceEventBusDlq.Arn